Despite cries of "responsible encryption", numerous law enforcement agencies are cracking into iPhones using a box called "GrayKey". Even the latest iPhones may be affected:
FBI Director Christopher Wray recently said that law enforcement agencies are "increasingly unable to access" evidence stored on encrypted devices. Wray is not telling the whole truth.
Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.
[...] "It demonstrates that even state and local police do have access to this data in many situations," Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard in a Twitter message. "This seems to contradict what the FBI is saying about their inability to access these phones."
As part of the investigation, Motherboard found:
- Regional police forces, such as the Maryland State Police and Indiana State Police, are procuring a technology called 'GrayKey' which can break into iPhones, including the iPhone X running the latest operating system iOS 11.
- Local police forces, including Miami-Dade County Police, have also indicated that they may have bought the equipment.
- Other forces, including the Indianapolis Metropolitan Police Department, have seemingly not bought GrayKey, but have received quotations from the company selling the technology, called Grayshift.
- Emails show the Secret Service is planning to buy at least half a dozen GrayKey boxes to unlock iPhones.
- The State Department has already bought the technology, and the Drug Enforcement Administration is interested in doing so.
See also: FBI Refuses to Say Whether It Bought iPhone Unlocking Tech 'GrayKey'
Also at Engadget and AppleInsider.
Related: U.S. Legislators Trying to Weaken Encryption Yet Again
Related Stories
Submitted via IRC for SoyCow1
Trump's Department of Justice is trying to get a do-over with its campaign to get backdoors onto iPhones and into secure messaging services. The policy rebrand even has its own made-up buzzword. They're calling it "responsible encryption."
After Deputy Attorney General Rod J. Rosenstein introduced the term in his speech to the U.S. Naval Academy, most everyone who read the transcript was doing spit-takes at their computer monitors. From hackers and infosec professionals to attorneys and tech journalists, "responsible encryption" sounded like a marketing plan to sell unsweetened sugar to diabetics.
Government officials -- not just in the U.S. but around the world -- have always been cranky that they can't access communications that use end-to-end encryption, whether that's Signal or the kind of encryption that protects an iPhone. The authorities are vexed, they say, because encryption without a backdoor impedes law-enforcement investigations, such as when terrorist acts occur.
[...] "Look, it's real simple. Encryption is good for our national security; it's good for our economy. We should be strengthening encryption, not weakening it. And it's technically impossible to have strong encryption with any kind of backdoor," said Rep. Will Hurd (R-Texas), when asked about Rosenstein's proposal for responsible encryption at The Atlantic's Cyber Frontier event in Washington, D.C.
Source: Great, now there's 'responsible encryption'
Senators Diane Feinstein (D-CA) and Chuck Grassley (R-IA) are preparing legislation that would regulate encryption and potentially mandate "backdoors." The Senate Judiciary Committee has been meeting with tech lobbyists and at least three researchers to come up with a "secure way" to allow only law enforcement to access encrypted information:
US lawmakers are yet again trying to force backdoors into tech products, allowing Uncle Sam, and anyone else with the necessary skills, to rifle through people's private encrypted information. Two years after her effort to introduce new legislation died, Senator Dianne Feinstein (D-CA) is again spearheading an effort to make it possible for law enforcement to access any information sent or stored electronically. Such a backdoor could be exploited by skilled miscreants to also read people's files and communications, crypto-experts continue to warn.
Tech lobbyists this month met the Senate Judiciary Committee to discuss the proposed legislation – a sign that politicians have changed tactics since trying, and failing, to force through new laws back in 2016. New York District Attorney and backdoor advocate Cyrus Vance (D-NY) also briefed the same committee late last month about why he felt new legislation was necessary. Vance has been arguing for fresh anti-encryption laws for several years, even producing a 42-page report back in November 2015 that walked through how the inability to trawl through people's personal communications was making his job harder.
Tech lobbyists and Congressional staffers have been leaking details of the meetings to, among others, Politico and the New York Times.
From the NYT article:
A National Academy of Sciences committee completed an 18-month study of the encryption debate, publishing a report last month. While it largely described challenges to solving the problem, one section cited presentations by several technologists who are developing potential approaches. They included Ray Ozzie, a former chief software architect at Microsoft; Stefan Savage, a computer science professor at the University of California, San Diego; and Ernie Brickell, a former chief security officer at Intel.
[...] The researchers, Mr. Ozzie said, recognized that "this issue is not going away," and were trying to foster "constructive dialogue" rather than declaring that no solution is possible.
Also at The Hill.
Previously: New Paper on The Risks of "Responsible Encryption"
Report On Device Encryption Suggests A Few Ways Forward For Law Enforcement
Senator Wyden Calls on Digital Rights Activists to Block Legislative Efforts to Weaken Encryption
Apple argues stronger encryption will thwart criminals in letter to Australian government
Apple has long been a proponent for strong on-device encryption, most notably for its iPhones and the iOS operating system. This has often frustrated law enforcement agencies both in the US and overseas, many of which claim the company's encryption tools and policies are letting criminals avoid capture by masking communications and securing data from the hands of investigators.
Now, in a letter to the Australian government, Apple says it thinks encryption is in fact a benefit and public good that will only strength our protections against cyberattacks and terrorism. In Apple's eyes, encryption makes everyone's devices harder to hack and less vulnerable to take-overs, viruses, and other malicious attacks that could undermine personal and corporate security, as well as public infrastructure and services. Apple is specifically responding to the Australian Parliament's Assistance and Access Bill, which was introduced late last month and is designed to help the government more easily access the devices and data of criminals during active investigations.
Letter here (#53), or at Scribd and DocumentCloud.
Also at Ars Technica, Engadget, 9to5Mac, and AppleInsider.
Police told to avoid looking at recent iPhones to avoid lockouts
Police have yet to completely wrap their heads around modern iPhones like the X and XS, and that's clearer than ever thanks to a leak. Motherboard has obtained a presentation slide from forensics company Elcomsoft telling law enforcement to avoid looking at iPhones with Face ID. If they gaze at it too many times (five), the company said, they risk being locked out much like Apple's Craig Federighi was during the iPhone X launch event. They'd then have to enter a passcode that they likely can't obtain under the US Constitution's Fifth Amendment, which protects suspects from having to provide self-incriminating testimony.
Also at 9to5Mac.
Related:
California Lawmaker Tries Hand at Banning Encryption
New York Judge Sides with Apple Rather than FBI in Dispute over a Locked iPhone
FBI Chief Calls for National Talk Over Encryption vs. Safety
Hacker Decrypts Apple's Secure Enclave Processor (SEP) Firmware
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor
Law Enforcement Agencies Increasingly Cracking iPhones Using "GrayKey"
Australian Government Pursues "Golden Key" for Encryption
When's A Backdoor Not A Backdoor? When The Oz Government Says It Isn't
Five Eyes Governments Get Even Tougher on Encryption
FBI Used Cooperative Suspect's Face to Unlock His iPhone
(Score: 3, Funny) by bob_super on Friday April 13 2018, @07:08PM
It's fun to sue with the DDDDDMMMMMCCCCCAAAAA!
It's fun to sue with the DDDDDMMMMMCCCCCAAAAA!
What? Companies don't sue people who reverse-engineer their toys against The Bad Guys, just nasty mean pirates who are a clear threat to their ever-growing record profits?
(Score: 1, Insightful) by Anonymous Coward on Friday April 13 2018, @07:34PM (1 child)
I'm shocked I tell you. Shocked that there is lying taking place by the government.
(Score: 0) by Anonymous Coward on Friday April 13 2018, @08:08PM
I'm shocked that they don't call it GayKey.
(Score: 0) by Anonymous Coward on Friday April 13 2018, @08:23PM (3 children)
This is something we all need when Apple won't help us break into our own phone when we forget the code and want to reset it. As long as we all have access to the same tools, I am not against their use. Technology can be a great equalizer if we want it to be. Instead, everybody tries to get the advantage, when the objective should be to take it away.
Si tu fumas yo puedo fumar tambien
(Score: 0) by Anonymous Coward on Saturday April 14 2018, @12:55AM (2 children)
I'm in favor of this tool as well. When I steal someone's phone this will make it much easier to get access to all their info, pics, etc. Then I can take what I want, wipe the phone and sell it on the street.
I also like this tool because I can get access to a phone and plant whatever evidence I want.
(Score: 2) by hemocyanin on Saturday April 14 2018, @01:49AM
I'm treating my smart phone more and more as dumb phone. I have barely any apps on it at all, Signal trims all text message threads at 25 messages. All they'll get off me is my recent call and text history, the last thing I calculated in the calculator, and whatever book I'm listening to currently from Audible, although I'm tempted to dig up my old ipod and go back to listening to my audiobooks that way.
(Score: 0) by Anonymous Coward on Saturday April 14 2018, @06:02AM
Bla bla bla... And a butter knife can be used to kill a guy. What's yer point?
(Score: 2) by Runaway1956 on Friday April 13 2018, @08:30PM (1 child)
The Five Eyes have more resources than any corporation, or even combination of corporations. More, the Five Eyes can enlist the aid of any number of corporations and/or individuals. Apple is incapable of creating an "unbreakable" encryption system. Give time and resources, and maybe a little insider information, the best that Apple can offer can be broken.
I suppose that if Apple, Microsoft, Facebook and a few dozen other of the largest tech corps were to join forces to thwart government surveillance - the Five Eyes might be beaten.
But, none of us can imagine all those corporations joining forces. Virtually all of them have aided and abetted the government in past cases. Apple may (or may not) be the strongest advocate for consumer rights to privacy among the corporations. But, the others have pretty unanimously betrayed the consumer to the Five Eyes already.
We're fooked, big time. If Apple fights, then Apple ultimately loses. If Apple doesn't fight, then we all lose. They might defeat GrayKey today, but there will be another weapon in the arms race next month, or next year.
(Score: 2) by c0lo on Friday April 13 2018, @11:47PM
A race paid by the victims' money.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by realDonaldTrump on Saturday April 14 2018, @05:50AM
They say SoylentNews doesn't have ads. It has ads. The stories are the ads! And this is the 2nd one for this company. At least the 2nd. Grayshift, Grayshift, Grayshift!!!!